Export limit exceeded: 349501 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43832 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40083 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-40052 | 1 Progress | 2 Openedge, Openedge Innovation | 2024-11-21 | 7.5 High |
| This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0 . An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities of many web application clients. Multiple of these DoS attacks could lead to the flooding of invalid requests as compared to the server’s remaining ability to process valid requests. | ||||
| CVE-2023-40036 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2024-11-21 | 5.5 Medium |
| Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. | ||||
| CVE-2023-40031 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2024-11-21 | 7.8 High |
| Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++. | ||||
| CVE-2023-40022 | 1 Rizin | 1 Rizin | 2024-11-21 | 7.8 High |
| Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block as unreachable code since the prior statement is multiplication by 10 and fails to consider overflow assuming the count will always be a multiple of 10. Rizin version 0.6.1 contains a fix for the issue. A temporary workaround would be disabling C++ demangling using the configuration option `bin.demangle=false`. | ||||
| CVE-2023-40014 | 1 Openzeppelin | 2 Openzeppelin Contracts, Openzeppelin Contracts-upgradable | 2024-11-21 | 5.3 Medium |
| OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common, in particular it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is aware of, given that the signer address is appended to all calls that originate from these forwarders. The problem has been patched in v4.9.3. | ||||
| CVE-2023-3953 | 1 Schneider-electric | 1 Pro-face Gp-pro Ex | 2024-11-21 | 5.3 Medium |
| A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX. | ||||
| CVE-2023-3766 | 1 Cloudflare | 1 Odoh-rs | 2024-11-21 | 5.9 Medium |
| A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable. | ||||
| CVE-2023-3703 | 1 Proscend | 41 A510-f1, A510-f1 Firmware, A510-l1 and 38 more | 2024-11-21 | 10 Critical |
| Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials | ||||
| CVE-2023-3696 | 1 Mongoosejs | 1 Mongoose | 2024-11-21 | 9.8 Critical |
| Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4. | ||||
| CVE-2023-3668 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 7.2 High |
| Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21. | ||||
| CVE-2023-3646 | 1 Arista | 47 7280cr3-32d4, 7280cr3-32p4, 7280cr3-36s and 44 more | 2024-11-21 | 5.9 Medium |
| On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload. | ||||
| CVE-2023-3635 | 2 Redhat, Squareup | 6 Amq Streams, Jboss Enterprise Bpms Platform, Jboss Fuse and 3 more | 2024-11-21 | 5.9 Medium |
| GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class. | ||||
| CVE-2023-3580 | 1 Squidex.io | 1 Squidex | 2024-11-21 | 4.3 Medium |
| Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0. | ||||
| CVE-2023-3552 | 1 Teampass | 1 Teampass | 2024-11-21 | 5.4 Medium |
| Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10. | ||||
| CVE-2023-3545 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 9.8 Critical |
| Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution. | ||||
| CVE-2023-3527 | 1 Avaya | 1 Call Management System | 2024-11-21 | 6.8 Medium |
| A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel. | ||||
| CVE-2023-3523 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.1 High |
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. | ||||
| CVE-2023-3497 | 1 Google | 2 Chrome, Chrome Os | 2024-11-21 | 4.6 Medium |
| Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access to the device. (Chromium security severity: Medium) | ||||
| CVE-2023-3493 | 1 Fossbilling | 1 Fossbilling | 2024-11-21 | 8.0 High |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3. | ||||